Shafin10555 (talk | contribs) No edit summary Tags: Visual edit Mobile edit Mobile web edit |
== Impact of MD5 security on digest authentication ==
The [[MD5]] calculations used in HTTP digest authentication are intended to be "[[one-way function|one way]]", meaning that it should be difficult to determine the original input when only the output is known. If the password itself is too simple, however, then it may be possible to test all possible inputs and find a matching output (a [[brute-force attack]]) – perhaps aided by a [[dictionary attack|dictionary]] or [[rainbow table|suitable look-up list]], which for MD5 is readily available.<ref>[http://project-rainbowcrack.com/table.htm List of rainbow tables, Project Rainbowcrack]. Includes multiple MD5 rainbow tables.</ref>
The HTTP scheme was designed by [[Phillip Hallam-Baker]] at [[CERN]] in 1993 and does not incorporate subsequent improvements in authentication systems, such as the development of keyed-hash message authentication code ([[HMAC]]). Although the [[cryptography|cryptographic]] construction that is used is based on the MD5 hash function, [[collision attack]]s were in 2004 generally believed to not affect applications where the plaintext (i.e. password) is not known.<ref name="CryptoRes-2004">{{cite web
|